Using DEL as 1260 (original value), the dumping takes 45 mins (see readme file inside the blink_g7.rar) for each step.

It should be possible to dump it in a unique step (from 0xFFC00000 till 0xFFFFFFFF there are 0x400000 values), but the dumping time will be extended proportionally.

Step2 : HW circuit

The same circuit used for G7 has been used. The same load.exe was executed and the bytes counter appeared in the console.

Step3 : Dump the Original Firmware

It is better to dump the firmware when the camera and the circuit are cold. In this situation, exact alignment of the led and the camera are not required to get the dump. The extraction usually works even in standard lighting conditions (not in a dark place).

After 2 or 3 consecutive attempts, I always get a noisy dump, and it is useless. It is time to stop.

To get the final dump, I have dumped each part 4 times. With a hexadecimal compare utility, I found two identical copies. I copy them together to get the firmware dump, removing the 55's and the begin and end strings using and hexadecimal editor.

In the IDA, after the script execution, the output (log) has no errors. This could be a criteria to check if everything went ok.

- In the stubs_entry.S, the autodetected functions are stored. Some of them, maybe wrong autodetected. check them in IDA
- In the stubs_entry_2.S, the overriden functions or not detected functions must be added manually. Check the names in IDA.
- When linking the CHDK, some of undefined sub_XXXXXXXX functions usually appears. It related the stubs_auto.S file. Check Compiling_CHDK_under_Windows#Undefined_reference_to_.60sub_....27.
To solve it, open the file and add the unresolved addresses to it following the same schema

STUB(FFCB4532)

CHDK Ported Successfully

Porting is completed, the latest sources are available from the trunk.

Thanks to EWAVR, GrAnd and rossig sources, the CHDK has been ported to the A560 1.00A camera. It is based on the rossig source code for A570.